dwyl / hapi-auth-jwt2

:lock: Secure Hapi.js authentication plugin using JSON Web Tokens (JWT) in Headers, URL or Cookies
ISC License

Swagger support? #154

Closed nakamorichi closed 8 years ago

nakamorichi commented 8 years ago

Any idea how to get hapi-auth-jwt2 set up via Swagger definition? I've been trying the official Node.js Swagger library and a similar library provided by PayPal's kraken.js team, but I have no idea how to set up authentication and authorization.

nelsonic commented 8 years ago

@Kitanotori good question. Can you please give us an example of your usage? This is more of a question for @glennjones ... see: https://github.com/glennjones/hapi-swagger

nakamorichi commented 8 years ago

@nelsonic In order to use Swagger libraries that generate routes on-the-fly (e.g. swaggerize-hapi, swagger-node) from Swagger definition file, I need to be able to define authentication and authorization per-route. However, I can't find information anywhere on how to do this. hapi-swagger is not the right place to ask, because hapi-swagger does the opposite, i.e. generates Swagger definition from the routes that you have first written yourself. I tried swaggerize-hapi and swagger-node, and I want to use either one of them because being able to define all my Hapi routes in Swagger definition file would be a huge benefit.

For clarification, the idea is to define routes in the Swagger definition file, specifying a handler for each route (see examples e.g. here). Swagger is a language- and framework-independent standard, and being able to use it with Hapi and the relevant authentication/authorization solutions would make applications and APIs more maintainable and decoupled.

cpatti97100 commented 8 years ago

+1

glennjones commented 8 years ago

As mentioned above you can generate an API from designing Swagger first. If you wish to take the other HAPI approach designing your endpoints using JOI first, a while ago I built a full example of using this plug-in and hapi-swagger https://github.com/glennjones/hapi-token-docs

Not an answer to this issue, but the link may be useful to other people reading this thread.

nelsonic commented 8 years ago

@Kitanotori I don't think using hapi-auth-jwt2 precludes you from generating your routes using a swagger "builder" ... please re-open if I have misunderstood.

nakamorichi commented 8 years ago

@nelsonic I think you misunderstood. I don't want to generate routes into a file, but I want to generate them on-the-fly using swaggerize-hapi, or similar Swagger-compliant library that generates the routes on-the-fly from the Swagger definition file. The problem is, hapi-auth-jwt2 does not seem to support any standard or custom Swagger configuration parameters, so I don't know how I should proceed.

I want to be able to set any particular route defined in Swagger definition file to use hapi-auth-jwt2 for authentication without having to generate and edit route file(s) by hand, because that would destroy the whole purpose of using Swagger-compliant route autogeneration.

nelsonic commented 8 years ago

Ah... Ok. So is there a checklist or guide on swaggerize-hapi that would ensure that hapi-auth-jwt2 is compatible? (please excuse my ignorance, haven't used Swagger in a while...)

nakamorichi commented 8 years ago

I created an issue there as well (https://github.com/krakenjs/swaggerize-hapi/issues/46), and also posted a question to StackOverflow, but so far no progress. I don't know the architecture of these two libraries well enough, so I'm not sure what is the best way to proceed.

Btw, I recommend trying out Swagger and particularly swaggerize-hapi, because they provide an awesome way for platform-independent and standard API definition, plus you get Hapi routes automatically generated from the definition. This should be the direction for the whole Hapi community, imho.

Currently the way to set up JWT authentication for a Hapi route is by this syntax, right?

     config: {
         auth: {
             strategy: 'jwt',
             scope: ['admin', 'user', '...']
         }
     }

The problem is, I want to specify the strategy and the scope in the Swagger definition file so that swaggerize-hapi generates the appropriate route applying these settings.

Here and https://github.com/OAI/OpenAPI-Specification/issues/583 seems to be some talk about the same problem, although unrelated to Hapi. I guess this is mainly problem of Swagger 2.0 specification.

It might be actually that no change is necessary to hapi-auth-jwt2, but I wanted to post also here so that people struggling with the same problem could find information easily.
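
The mapping asked for in the last comment, sketched as an added example that is not part of the thread and not code from hapi-auth-jwt2 or swaggerize-hapi: it turns each operation's Swagger 2.0 `security` requirement into the hapi route `auth` setting. Assumptions: the scheme name in `securityDefinitions` equals the registered hapi strategy name, and scopes come from a hypothetical `x-scope` vendor extension.

```javascript
// Added example. `x-scope` is a hypothetical vendor extension assumed here;
// it is not defined by Swagger 2.0, swaggerize-hapi or hapi-auth-jwt2.
const METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch'];

function authForOperation(doc, operation) {
  // Operation-level `security` overrides the document-level default.
  const security = operation.security !== undefined ? operation.security : doc.security;
  if (security === undefined) return undefined; // nothing declared: keep the server default
  if (security.length === 0) return false;      // explicit []: route is public
  const strategies = security.map((requirement) => {
    const names = Object.keys(requirement);
    // Several schemes in one requirement mean "all of them", which a hapi
    // strategy list (tried in order) cannot express.
    if (names.length !== 1) throw new Error('Exactly one scheme per requirement is supported');
    // Fail closed: a misspelt scheme name must not produce an open route.
    if (!(doc.securityDefinitions || {})[names[0]]) {
      throw new Error(`Unknown security scheme "${names[0]}"`);
    }
    return names[0];
  });
  const auth = { strategies: [...new Set(strategies)] };
  const scope = operation['x-scope'];
  if (Array.isArray(scope) && scope.length > 0) auth.scope = scope;
  return auth;
}

function routesFromSwagger(doc, handlers) {
  const routes = [];
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of METHODS.filter((m) => item[m])) {
      const operation = item[method];
      const handler = handlers[operation.operationId];
      if (!handler) throw new Error(`No handler for "${operation.operationId}"`);
      const auth = authForOperation(doc, operation);
      const config = auth === undefined ? {} : { auth };
      routes.push({ method: method.toUpperCase(), path, handler, config });
    }
  }
  return routes;
}

// Constructed sample definition, not taken from any real API.
const sampleDoc = {
  swagger: '2.0',
  securityDefinitions: { jwt: { type: 'apiKey', name: 'Authorization', in: 'header' } },
  security: [{ jwt: [] }],
  paths: {
    '/users/{id}': { get: { operationId: 'getUser', 'x-scope': ['admin', 'user'] } },
    '/health': { get: { operationId: 'health', security: [] } }
  }
};
const sampleRoutes = routesFromSwagger(sampleDoc, { getUser: () => 'user', health: () => 'ok' });
```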